CVE-2009-3376 : Mozilla Firefox before 3.0.15 and 3.5.x before 3.5.4, and SeaMonkey before 2.0,

Mozilla Firefox before 3.0.15 and 3.5.x before 3.5.4, and SeaMonkey before 2.0, does not properly handle a right-to-left override (aka RLO or U+202E) Unicode character in a download filename, which allows remote attackers to spoof file extensions via a crafted filename, as demonstrated by displaying a non-executable extension for an executable file.

Published 2009-10-29 14:30:01

Updated 2018-10-30 16:25:58

Source MITRE

View at NVD, CVE.org

Products affected by CVE-2009-3376

Mozilla » Firefox » Version: 3.0.5
cpe:2.3:a:mozilla:firefox:3.0.5:*:*:*:*:*:*:*
Matching versions
Mozilla » Firefox » Version: 3.0.11
cpe:2.3:a:mozilla:firefox:3.0.11:*:*:*:*:*:*:*
Matching versions
Mozilla » Firefox » Version: 3.5.1
cpe:2.3:a:mozilla:firefox:3.5.1:*:*:*:*:*:*:*
Matching versions
Mozilla » Firefox » Version: 3.0.10
cpe:2.3:a:mozilla:firefox:3.0.10:*:*:*:*:*:*:*
Matching versions
Mozilla » Firefox » Version: 3.5.2
cpe:2.3:a:mozilla:firefox:3.5.2:*:*:*:*:*:*:*
Matching versions
Mozilla » Firefox » Version: 3.0.7
cpe:2.3:a:mozilla:firefox:3.0.7:*:*:*:*:*:*:*
Matching versions
Mozilla » Firefox » Version: 3.0.8
cpe:2.3:a:mozilla:firefox:3.0.8:*:*:*:*:*:*:*
Matching versions
Mozilla » Firefox » Version: 3.0.12
cpe:2.3:a:mozilla:firefox:3.0.12:*:*:*:*:*:*:*
Matching versions
Mozilla » Firefox » Version: 3.0.6
cpe:2.3:a:mozilla:firefox:3.0.6:*:*:*:*:*:*:*
Matching versions
Mozilla » Firefox » Version: 3.0.13
cpe:2.3:a:mozilla:firefox:3.0.13:*:*:*:*:*:*:*
Matching versions
Mozilla » Firefox » Version: 3.5.3
cpe:2.3:a:mozilla:firefox:3.5.3:*:*:*:*:*:*:*
Matching versions
Mozilla » Firefox » Version: 3.0.1
cpe:2.3:a:mozilla:firefox:3.0.1:*:*:*:*:*:*:*
Matching versions
Mozilla » Firefox » Version: 3.0.3
cpe:2.3:a:mozilla:firefox:3.0.3:*:*:*:*:*:*:*
Matching versions
Mozilla » Firefox » Version: 3.0.9
cpe:2.3:a:mozilla:firefox:3.0.9:*:*:*:*:*:*:*
Matching versions
Mozilla » Firefox » Version: 3.0.4
cpe:2.3:a:mozilla:firefox:3.0.4:*:*:*:*:*:*:*
Matching versions
Mozilla » Firefox » Version: 3.0.2
cpe:2.3:a:mozilla:firefox:3.0.2:*:*:*:*:*:*:*
Matching versions
Mozilla » Firefox » Version: 3.0 Update Beta5
cpe:2.3:a:mozilla:firefox:3.0:beta5:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey
Versions up to, including, (<=) 1.5.0.10
cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 1.1.16
cpe:2.3:a:mozilla:seamonkey:1.1.16:*:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 1.1.1
cpe:2.3:a:mozilla:seamonkey:1.1.1:*:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 1.1.10
cpe:2.3:a:mozilla:seamonkey:1.1.10:*:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 1.0 Update Beta
cpe:2.3:a:mozilla:seamonkey:1.0:beta:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 1.1.4
cpe:2.3:a:mozilla:seamonkey:1.1.4:*:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 1.1.9
cpe:2.3:a:mozilla:seamonkey:1.1.9:*:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 1.5.0.8
cpe:2.3:a:mozilla:seamonkey:1.5.0.8:*:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 1.1.3
cpe:2.3:a:mozilla:seamonkey:1.1.3:*:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 1.1.2
cpe:2.3:a:mozilla:seamonkey:1.1.2:*:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 1.0.3
cpe:2.3:a:mozilla:seamonkey:1.0.3:*:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 1.0.2
cpe:2.3:a:mozilla:seamonkey:1.0.2:*:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 1.1.14
cpe:2.3:a:mozilla:seamonkey:1.1.14:*:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 1.1.15
cpe:2.3:a:mozilla:seamonkey:1.1.15:*:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 1.1.5
cpe:2.3:a:mozilla:seamonkey:1.1.5:*:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 1.5.0.9
cpe:2.3:a:mozilla:seamonkey:1.5.0.9:*:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 1.0.9
cpe:2.3:a:mozilla:seamonkey:1.0.9:*:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 1.1.13
cpe:2.3:a:mozilla:seamonkey:1.1.13:*:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 1.1
cpe:2.3:a:mozilla:seamonkey:1.1:*:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 1.1.17
cpe:2.3:a:mozilla:seamonkey:1.1.17:*:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 1.1 Update Alpha
cpe:2.3:a:mozilla:seamonkey:1.1:alpha:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 1.0 Update Alpha
cpe:2.3:a:mozilla:seamonkey:1.0:alpha:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 1.1.7
cpe:2.3:a:mozilla:seamonkey:1.1.7:*:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 1.1.6
cpe:2.3:a:mozilla:seamonkey:1.1.6:*:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 1.0.6
cpe:2.3:a:mozilla:seamonkey:1.0.6:*:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 1.1 Update Beta
cpe:2.3:a:mozilla:seamonkey:1.1:beta:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 1.0.5
cpe:2.3:a:mozilla:seamonkey:1.0.5:*:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 1.0.4
cpe:2.3:a:mozilla:seamonkey:1.0.4:*:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 1.1.11
cpe:2.3:a:mozilla:seamonkey:1.1.11:*:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 1.1.12
cpe:2.3:a:mozilla:seamonkey:1.1.12:*:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 1.1.8
cpe:2.3:a:mozilla:seamonkey:1.1.8:*:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 1.0.8
cpe:2.3:a:mozilla:seamonkey:1.0.8:*:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 1.0.7
cpe:2.3:a:mozilla:seamonkey:1.0.7:*:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 1.0.1
cpe:2.3:a:mozilla:seamonkey:1.0.1:*:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 1.0
cpe:2.3:a:mozilla:seamonkey:1.0:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2009-3376

EPSS FAQ

2.36%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 84 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2009-3376

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
9.3	HIGH	AV:N/AC:M/Au:N/C:C/I:C/A:C	8.6	10.0	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete

CWE ids for CVE-2009-3376

CWE-16

Assigned by: nvd@nist.gov (Primary)

References for CVE-2009-3376

http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html

[security-announce] SUSE Security Summary Report: SUSE-SR:2010:013

CVEs referencing this url
http://www.vupen.com/english/advisories/2009/3334

Site en construction

CVEs referencing this url
http://www.vupen.com/english/advisories/2010/0650

Webmail | OVH- OVH

CVEs referencing this url
http://www.mandriva.com/security/advisories?name=MDVSA-2009:294

Mandriva

CVEs referencing this url
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11218
http://www.redhat.com/support/errata/RHSA-2010-0153.html

Support

CVEs referencing this url
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6541
https://bugzilla.mozilla.org/show_bug.cgi?id=511521
http://www.redhat.com/support/errata/RHSA-2010-0154.html

Support

CVEs referencing this url
http://www.ubuntu.com/usn/USN-915-1

USN-915-1: Thunderbird vulnerabilities | Ubuntu security notices

CVEs referencing this url
http://sunsolve.sun.com/search/document.do?assetkey=1-26-272909-1

CVEs referencing this url
http://www.mozilla.org/security/announce/2009/mfsa2009-62.html

Patch;Vendor Advisory
http://www.vupen.com/english/advisories/2010/0648

Webmail | OVH- OVH

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2009-3376

Products affected by CVE-2009-3376

Exploit prediction scoring system (EPSS) score for CVE-2009-3376

CVSS scores for CVE-2009-3376

CWE ids for CVE-2009-3376

References for CVE-2009-3376